It looks as though Apple has gotten caught in an uncomfortable place with Dashboard. It turns out that the default install of Tiger+Safari has opened up a potentially nasty security hole. Several people have demonstrated that Safari can be used to install a Widget in the Dashboard in the background while you are looking at a Web page. If you're running Tiger, go into your Safari preferences and turn off the feature letting it run "safe" files.
Here's an example of one of the wicked widgets. (I have put in an extra xxx- to make sure nobody blindly clicks it.) It's safe to look at the page with non-Safari browsers. <html://xxx-stephan.com/widgets/zaptastic/> From the beginning the Dashboard looked like a pretty lame feature to me, but now I'm very underwhelmed with its security. For some reason Apple is going out of its way to avoid putting multiple/ extended desktops in Mac OS X, and is instead relying on flashy, dubious desktop layering with Dashboard and Expos?. Every other Unix desktop has this right, and Apple is stubbornly refusing to admit a mistake. Or maybe The Steve thinks multiple desktops are too complicated for his users. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2363 bytes Desc: not available Url : http://www.math.louisville.edu/pipermail/macgroup/attachments/20050511/77d63e78/attachment.bin
